Description
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.
Remediation
References
https://www.elastic.co/community/security/
Related Vulnerabilities
CVE-2020-2182 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding
CVE-2019-17638 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2019-13173 Vulnerability in maven package org.webjars.npm:fstream
CVE-2016-3087 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2017-7678 Vulnerability in maven package org.apache.spark:spark-core_2.10